News and announcements

Loggerhead 1.18.1 brings security and stability fixes. Filenames are now correctly escaped in revision views, removing a cross-site scripting vector (CVE-2011-0728). A crash in start-loggerhead when log rotation was enabled has also been fixed.

We strongly recommend that all users upgrade to 1.18.1 due to the included security fix.

Loggerhead 1.18 brings many stability fixes, more configuration options, and some performance improvements for high-load environments. Loggerhead can now run under mod_wsgi, FastCGI, and SCGI environments. This release also should be compatible with versions of bzr up to 2.3.

We strongly recommend that any installation currently running 1.17 or earlier upgrade to 1.18 with bzr 2.1 or later, as earlier combinations of bzr and loggerhead tended to have significant stability issues.

In bug listings, there's a new sticking plaster icon that shows you which bugs
have a patch attached.

Also, Launchpad will now email you when someone attaches a patch to a bug to
which you're subscribed.

Anonymous web service API access
---------------------------------

Leonard blogs that:

Your launchpadlib scripts can now get read-only access to the Launchpad web
service API without going through any authorization process. Previously,
to authorize your script, you had to open a web page in the end-user's web
browser and get the user to click a button. Now, you only have to go through
that process if you want to access someone's private data or modify the
Launchpad dataset on their behalf.

We're now using a new numbering scheme for Launchpad's releases. We've chosen
something similar to the Ubuntu style, whereby our release numbers start with
the year, followed by the number of releases so far in that year.